Solana Memecoin Guardian v2

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Solana trading bot, but it needs review because live mode can sign irreversible trades with a wallet private key while the live-mode warnings and scoping are inconsistent.

Install only if you intentionally want an automated high-risk Solana trading bot. Keep it in paper mode unless you have audited the code, use a dedicated low-balance wallet for live mode, protect private keys with a secret manager or tightly controlled .env file, and verify the live execution and exit paths before allowing it to trade.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
The code logs that live mode is 'not implemented yet' in the copy-trade branch, but the same file contains fully active live trading paths for AI-driven buys and live sells. This inconsistency can mislead an operator into believing live execution is disabled when the process can still place real trades under --mode live, creating a dangerous trust gap around financial actions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
The file does more than passive price and quote retrieval: it can construct a ready-to-sign swap transaction from an arbitrary quote response and user public key. That broader transactional capability increases risk because, if exposed through an agent skill without strong policy checks, it can be used to facilitate unintended asset swaps or social-engineered signing flows.

Missing User Warnings

Severity: Medium
Confidence: 96%
The skill explicitly supports a live trading mode with automated transaction signing, but it does not clearly warn users that enabling live mode authorizes the agent to execute real signed trades on their behalf. In a high-risk memecoin trading context, that omission can cause users to underestimate financial and custody risk, leading to unintended real-money trades, rapid losses, or irreversible asset transfers.

Missing User Warnings

Severity: Medium
Confidence: 94%
The documentation instructs operators to place a wallet private key in environment variables but does not explicitly emphasize that this is a highly sensitive secret that can grant full control of on-chain funds if exposed through logs, shell history, process listings, screenshots, or misconfigured deployment systems. In a live trading setup, this omission materially increases the chance of accidental credential disclosure and wallet compromise.

Missing User Warnings

Severity: Medium
Confidence: 92%
The run instructions show how to start live mode but do not prominently warn that this mode performs real RPC calls, monitors wallets, and can execute actual Jupiter swaps using the configured private key. A user following the setup verbatim may unintentionally place real trades and lose funds, especially because the file is framed as ordinary setup documentation rather than a high-risk operational procedure.

Missing User Warnings

Severity: Medium
Confidence: 97%
In live mode, the AI trading path calls buyLiveByUsd directly with no interactive confirmation, no dry-run acknowledgement, and no prominent user-facing warning at execution time. In an agent skill context, this is especially dangerous because autonomous or unattended execution can immediately convert strategy errors, bad signals, or manipulated market data into irreversible on-chain trades.

Missing User Warnings

Severity: Medium
Confidence: 91%
This function signs and broadcasts a real on-chain swap using a locally loaded private key with no confirmation gate, policy check, or explicit acknowledgment in the execution path. In an agent/skill context, any upstream prompt injection, bad routing, or accidental invocation could directly spend wallet funds, making this materially dangerous even if another layer is supposed to prompt the user.

Missing User Warnings

Severity: Medium
Confidence: 91%
This sell path also signs and submits a live Jupiter swap directly from the configured wallet without any local confirmation or safety interlock. Because it can liquidate token holdings on-chain, accidental or adversarial triggering by an agent workflow can cause immediate loss of assets or forced trading at unfavorable prices.

VirusTotal

64/64 vendors flagged this skill as clean.